Difference between revisions of "Itx8071-graded-lab"
20. rida: | 20. rida: | ||
Make sure you can access Kibana web interface via following URL: https://ipaddress_of_your_vm:5601 (login: elastic, password: default-root-password-of-the-VM). Note that the startup process of Kibana might take several minutes before the web interface will become available. | Make sure you can access Kibana web interface via following URL: https://ipaddress_of_your_vm:5601 (login: elastic, password: default-root-password-of-the-VM). Note that the startup process of Kibana might take several minutes before the web interface will become available. | ||
+ | |||
+ | In order to receive syslog events from local rsyslog, configure it to send all events to Logstash. For example, set up the file /etc/rsyslog.d/logstash.conf with the following content: | ||
+ | |||
+ | *.* @127.0.0.1:10514 | ||
+ | |||
+ | After creating that file, don't forget to restart rsyslog: | ||
+ | |||
+ | systemctl restart rsyslog |
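Review bot: The added rule `*.* @127.0.0.1:10514` uses a single `@`, which rsyslog treats as UDP forwarding, so the text should state that the Logstash syslog input listens on UDP port 10514 (or use `@@` if that input is TCP). Because UDP forwarding reports no error when the port is closed, consider adding a verification step after `systemctl restart rsyslog`, for example logging a test message with `logger` and finding it in Kibana.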
Revision: 11 December 2023, 12:25
Description of the graded lab
During the graded lab, a Kibana dashboard has to be created which contains at least 8 visualizations that display different data. Note that the created dashboard must feature at least 4 different visualization types (for example, pie chart, bar chart, table, etc.). The Kibana dashboard must be created for syslog events received with Logstash. Dashboards created for events from Filebeat are not accepted.
Instructions for setting up the course virtual machine for the graded lab
Since the course virtual machine needs more resources for the graded lab than the pre-configured defaults provide, increase the amount of RAM to at least 4GB and the number of CPUs to at least 2.
Start Elasticsearch:
systemctl start elasticsearch
Start Kibana:
systemctl start kibana
Start Logstash:
systemctl start logstash
Make sure you can access the Kibana web interface via the following URL: https://ipaddress_of_your_vm:5601 (login: elastic, password: default-root-password-of-the-VM). Note that the startup process of Kibana might take several minutes before the web interface becomes available.
In order to receive syslog events from local rsyslog, configure it to send all events to Logstash. For example, set up the file /etc/rsyslog.d/logstash.conf with the following content:
*.* @127.0.0.1:10514
After creating that file, don't forget to restart rsyslog:
systemctl restart rsyslog
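The single `@` in the rule above means UDP forwarding, so rsyslog reports no error if nothing listens on port 10514 and events are silently lost. The following script is an added example, not part of the course material: it reads the forwarding rule, checks for a local listener and logs a marker event to search for in Kibana. The function names and marker text are hypothetical, and it assumes `ss` (iproute2) and `logger` are installed on the VM.

```shell
#!/bin/sh
# Added example (not part of the course material): sanity-check the
# rsyslog -> Logstash forwarding rule before building dashboards.

# Print "proto host port" for every legacy-syntax forwarding action.
# rsyslog: "@host:port" forwards over UDP, "@@host:port" over TCP;
# the port defaults to 514 when omitted.
fwd_targets() {
    awk '!/^[ \t]*#/ && $2 ~ /^@/ {
        proto = ($2 ~ /^@@/) ? "tcp" : "udp"
        target = $2; sub(/^@+/, "", target)
        n = split(target, hp, ":")
        print proto, hp[1], (n > 1 ? hp[2] : 514)
    }' "$@"
}

# Succeed if a local socket listens on the given protocol and port.
has_listener() {
    case "$1" in udp) flags=-lun ;; *) flags=-ltn ;; esac
    ss -H "$flags" | grep -Eq ":$2[[:space:]]"
}

# Check each forwarding target in the config file, then log a marker event.
# Assumes the target is on this machine, as with 127.0.0.1 on this page.
check_forwarding() {
    targets=$(fwd_targets "$1")
    [ -n "$targets" ] || { echo "no forwarding rule in $1" >&2; return 1; }
    echo "$targets" | while read -r proto host port; do
        if has_listener "$proto" "$port"; then
            echo "ok: $proto listener on port $port for $host"
        else
            echo "WARNING: nothing listens on $proto/$port" >&2
        fi
    done
    marker="graded-lab-check-$$"      # hypothetical marker text
    logger -t graded-lab "$marker"    # local syslog -> rsyslog -> Logstash
    echo "search for this message in Kibana: $marker"
}

if [ $# -gt 0 ]; then
    check_forwarding "$1"             # e.g. /etc/rsyslog.d/logstash.conf
else
    # Constructed sample input: the rule from this page plus a TCP variant.
    printf '%s\n' '*.* @127.0.0.1:10514' 'auth.* @@loghost.example:6514' |
        fwd_targets
fi
```

Run it with the path of the rsyslog configuration file as its argument; without arguments it only parses the constructed sample rules.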